Russian Vulnerability Scanner Database

Back to List

CVE-2014-7868

Scores

EPSS

0.697medium69.7%
0%20%40%60%80%100%

Percentile: 69.7%

CVSS

7.5high2.0
0246810

CVSS Score: 7.5/10

All CVSS Scores

CVSS 2.0
7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Description

Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) OPM_BVNAME parameter in a Delete operation to the APMBVHandler servlet or (2) query parameter in a compare operation to the DataComparisonServlet servlet.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

nvd

CWEs

CWE-89

Exploits

Exploit ID: 35209

Source: exploitdb

URL: https://www.exploit-db.com/exploits/35209

Exploit ID: 43896

Source: exploitdb

URL: https://www.exploit-db.com/exploits/43896

Vulnerable Software (3)

Type: Configuration

Vendor: *

Product: manageengine_it360

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:zohocorp:manageengine_it360:10.3.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:zohocorp:manageengine_it360:...

Source: nvd

Type: Configuration

Vendor: *

Product: manageengine_opmanager

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:11.3:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:zohocorp:manageengine_opma...

Source: nvd

Type: Configuration

Vendor: *

Product: manageengine_social_it_plus

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:zohocorp:manageengine_social_it_plus:11.0:*:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

End of list